Pen testing being the sexy part of Infosec, the first thing most companies want to do when starting an application security program is to scan everything. Unfortunately, experience shows that this rarely leads to good results. Using my experience in building an application security program and the best practices used by other companies, I’ll show you how to start an effective application security program in your organization. This will include laying the groundwork to ensure proper coverage, using your resources effectively, ensuring proper follow-through on remediation activities, and building good relationships with your devs.
Copyright 2020, IronGeek